[Snort-users] Fw: Lesbian Mpeg

Mark.Schutzmann at ...10438... Mark.Schutzmann at ...10438...
Wed Apr 14 11:13:11 EDT 2004


It looks something like Netsky.x or w32.blackmal at ...3071...  I would suspect
(without being able to view the original MTA headers) that they are spoofed
from someone else? Or maybe Jason's machine was trojaned and sent his
mailing list out or is using his mailing list in its SMTP engine? I don't
think an AV scanner would detect these messages, as they are all text (or
did my AV scanner strip something out?).



                                                                                                                                                  
                      "Harper, Patrick"                                                                                                           
                      <patrick.harper at ...11593...>           To:       <snort-users at lists.sourceforge.net>                                           
                      Sent by:                            cc:                                                                                     
                      snort-users-admin at ...4626...        Subject:  RE: [Snort-users] Fw: Lesbian Mpeg                                            
                      ceforge.net                                                                                                                 
                                                                                                                                                  
                                                                                                                                                  
                      04/14/2004 10:15 AM                                                                                                         
                                                                                                                                                  
                                                                                                                                                  




Has anyone identified what these are?  My AV is not picking it up, but I
know they can't be good




Patrick S. Harper | CISSP RHCT MCSE
Information Security Engineer
patrick.harper at ...11593...




From: jhaar [mailto:jhaar at ...294...]
Sent: Tuesday, April 13, 2004 6:46 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Fw: Lesbian Mpeg

movie attached open by media Player 7.1



Trimble.co.nz servers automatically scanned for viruses using McAfee
SECURITY




Disclaimer:
This electronic message, including any attachments, is confidential and
intended solely for use of the intended recipient(s). This message may
contain information that is privileged or otherwise protected from
disclosure by applicable law. Any unauthorized disclosure, dissemination,
use or reproduction is strictly prohibited. If you have received this
message in error, please delete it and notify the sender immediately.










More information about the Snort-users mailing list